Home > Vulnerability Database > CVE-2024-56143

Mend.io Vulnerability Database

CVE-2024-56143

Good to know:

Date: October 16, 2025

Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query parameters for private fields. An attacker can access private fields, including admin passwords and reset tokens, by crafting queries with the lookup parameter. This vulnerability is fixed in 5.5.2.

Severity Score

8.2

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-56143

Url: https://github.com/strapi/strapi/commit/0c6e0953ae1e62afae9329de7ae6d6a5e21b95b8

Url: https://github.com/strapi/strapi/security/advisories/GHSA-495j-h493-42q2

Url: https://github.com/strapi/strapi

Url: https://www.mend.io/vulnerability-database/CVE-2024-56143

Severity Score

8.2

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

Upgrade Version

Upgrade to version @strapi/core - 5.5.2

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-56143

Good to know:

Date: October 16, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?